WinObj
Copyright © 1996-1998 Mark Russinovich and Bryce Cogswell
Last Updated: January 2, 1998

Introduction

WinObj is a must-have tool if you are a system administrator concerned about security, a developer tracking down object-related problems, or just curious about the Object Manager namespace.

WinObj is a 32-bit Windows NT program that uses the native Windows NT API (provided by NTDLL.DLL) to access and display information on the NT Object Manager's name space. WinObj may seem similar to the Microsoft SDK's program of the same name, but the SDK version suffers from numerous significant bugs that prevent it from displaying accurate information (e.g. its handle and reference counting information are totally broken). In addition, our WinObj understands many more object types. Finally, Version 2.0 of our WinObj has user-interface enhancements, knows how to open device objects, and will let you view and change object security information using native NT security editors.

Source code for WinObj 1.0 is available on the Dr. Dobb's Journal NTInternals CD-ROM.

Installation and Use

There is no device driver component to WinObj, so you can run it like any Win32 program.

Sample Screen Shot

This is a screenshot of WinObj browsing the Object Manager namespace.

How It Works

The Object Manager is in charge of managing NT objects. As part of this responsibility, it maintains an internal namespace where various operating system components, device drivers and Win32 programs can store and lookup objects. The native NT API provides routines that allow user-mode programs to browse the namespace and query the status of objects located there, but the interfaces are undocumented.
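
As an added example (not WinObj's source and not code from this page), the following Python lists one Object Manager directory through NTDLL.DLL, which is a quick way to audit what is present in the namespace. It assumes the ntdll exports NtOpenDirectoryObject, NtQueryDirectoryObject and NtClose and the structure layouts shown, none of which the page names; parse_entries and list_directory are names chosen here.

```python
import ctypes

DIRECTORY_QUERY, OBJ_CASE_INSENSITIVE, STATUS_MORE_ENTRIES = 0x0001, 0x40, 0x105

class UNICODE_STRING(ctypes.Structure):  # counted UTF-16 string, not NUL-terminated
    _fields_ = [("Length", ctypes.c_uint16), ("MaximumLength", ctypes.c_uint16),
                ("Buffer", ctypes.c_void_p)]
class OBJECT_ATTRIBUTES(ctypes.Structure):
    _fields_ = [("Length", ctypes.c_uint32), ("RootDirectory", ctypes.c_void_p),
                ("ObjectName", ctypes.POINTER(UNICODE_STRING)), ("Attributes", ctypes.c_uint32),
                ("SecurityDescriptor", ctypes.c_void_p), ("SecurityQualityOfService", ctypes.c_void_p)]
class OBJECT_DIRECTORY_INFORMATION(ctypes.Structure):  # one entry of a directory listing
    _fields_ = [("Name", UNICODE_STRING), ("TypeName", UNICODE_STRING)]

def _text(us):
    return ctypes.string_at(us.Buffer, us.Length).decode("utf-16-le") if us.Buffer else ""

def parse_entries(address):
    """Decode the entry array NtQueryDirectoryObject writes; a zeroed entry ends it."""
    entries, size = [], ctypes.sizeof(OBJECT_DIRECTORY_INFORMATION)
    entry = OBJECT_DIRECTORY_INFORMATION.from_address(address)
    while entry.Name.Buffer:
        entries.append((_text(entry.Name), _text(entry.TypeName)))
        entry = OBJECT_DIRECTORY_INFORMATION.from_address(address + size * len(entries))
    return entries

def list_directory(path="\\"):  # Windows only: returns (name, type) pairs for one directory
    ntdll = ctypes.WinDLL("ntdll")
    chars = ctypes.create_unicode_buffer(path)
    name = UNICODE_STRING(len(path) * 2, len(path) * 2 + 2, ctypes.addressof(chars))
    attrs = OBJECT_ATTRIBUTES(ctypes.sizeof(OBJECT_ATTRIBUTES), None, ctypes.pointer(name),
                              OBJ_CASE_INSENSITIVE, None, None)
    handle, context, written = ctypes.c_void_p(), ctypes.c_uint32(0), ctypes.c_uint32(0)
    status = ntdll.NtOpenDirectoryObject(ctypes.byref(handle), DIRECTORY_QUERY, ctypes.byref(attrs))
    if status < 0:
        raise OSError("NtOpenDirectoryObject failed: 0x%08X" % (status & 0xFFFFFFFF))
    buf, entries = ctypes.create_string_buffer(65536), []
    try:
        while True:  # args 4-5: ReturnSingleEntry=0, RestartScan=1 on the first call only
            status = ntdll.NtQueryDirectoryObject(handle, buf, len(buf), 0, int(not entries),
                                                  ctypes.byref(context), ctypes.byref(written))
            if status >= 0:
                entries += parse_entries(ctypes.addressof(buf))
            if status != STATUS_MORE_ENTRIES:  # finished, or stopped on an error status
                return entries
    finally:
        ntdll.NtClose(handle)

if __name__ == "__main__" and hasattr(ctypes, "WinDLL"):
    print("\n".join("%-40s %s" % entry for entry in list_directory("\\")))
```

Passing a different path, such as `\Device`, lists that directory instead, provided the caller is allowed to open it for query access.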

More Information

Helen Custer's Inside Windows NT provides a good overview of the Object Manager name space, and Mark's October 1997 Windows NT Magazine column, "Inside the Object Manager", is (of course) an excellent overview.

Download WinObj (26KB)